FlashFXP v3.6.0 - Buffer Overflow Vulnerability

2011-07-20T00:00:00
ID VULNERLAB:121
Type vulnerlab
Reporter Vulnerability Research Laboratory
Modified 2011-07-20T00:00:00

Description

                                        
                                            Document Title:
===============
FlashFXP v3.6.0 - Buffer Overflow Vulnerability



Release Date:
=============
2011-07-20


Vulnerability Laboratory ID (VL-ID):
====================================
121


Product & Service Introduction:
===============================
FlashFXP is a FTP (File Transfer Protocol) client for Windows, it offers you easy and fast ways to transfer any file between other local 
computers (LAN - Local Area Network) running a FTP server or via the Internet (WAN - Wide Area Network) and even directly between two 
servers using Site to Site transfers (FXP - File eXchange Protocol). Use FlashFXP to publish and maintain your website, Upload and download 
documents, photos, videos, music and more! Share your files with your friends and co-workers using the powerful site manager. There are many 
features and advanced options available within FlashFXP which are being added with the release of each new version stable or beta*. The software 
is available in over 20 languages and under active development. FlashFXP offers high security, performance, and reliability that you can always 
depend on to get your job done swiftly and efficiently.

(Copy of the Vendor Homepage: http://www.flashfxp.com)


Abstract Advisory Information:
==============================
Vulnerability Laboratory Research Team discovered a Buffer Overflow Vulnerability on FlashFXP v3.6.0.


Vulnerability Disclosure Timeline:
==================================
2011-07-21:	Public or Non-Public Disclosure



Discovery Status:
=================
Published


Affected Product(s):
====================

Exploitation Technique:
=======================
Local


Severity Level:
===============
Medium


Technical Details & Description:
================================
A Buffer Overflow Vulnerability is detected on FlashFXP. The vulnerability is located on the unrestricted 
(size-string) import function. Attackers implement large uni-code strings to overwrite the ebp & eip of 
the software process. Successful exploitation can result in system compromise via process escalation with 
system  process privileges.

Vulnerable Module(s):
						[+] .dat import 
						[+] File Assosiations


--- DEBUG LOG ---

(4a4.198): Unknown exception - code 0eedfade (first chance)
(4a4.198): Unknown exception - code 0eedfade (first chance)
(4a4.78c): Break instruction exception - code 80000003 (first chance)
eax=7ef9d000 ebx=00000000 ecx=00000000 edx=772cf50a esi=00000000 edi=00000000
eip=7724000c esp=05c2ff5c ebp=05c2ff88 iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246


--- ERROR LOG ---

date/time         : 2010-04-13 01:20
computer name     : HOSTBUSTER
user name         : Rem0ve
operating system  : Windows NT New Tablet PC x64 build 7600
system language   : German
system up time    : 7 hours 57 minutes 
program up time   : 2 minutes 9 seconds 
processors        : 2x Intel(R) Core(TM)2 Duo CPU     T6600  @ 2.20GHz
physical memory   : 2563/4091 MB (free/total)
free disk space   : (C:) 233,38 GB
display mode      : 1366x768, 32 bit
monitors          : 1
process id        : $13bc
allocated memory  : 115,85 MB
executable        : FlashFXP.exe
executable hash   : 370F40D4853967D56580F0699D3958DE
executable size   : 3068360
exec. date/time   : 2008-02-20 10:52
version           : 3.6.0.1240
madExcept version : 2.7k
exception class   : ERangeError
exception message : Range check error.

main thread ($15bc):
0040593a FlashFXP.exe System                     DynArraySetLength
00405aa1 FlashFXP.exe System                     @DynArraySetLength
0049cc08 FlashFXP.exe cxGraphics       1587  +61 TCustomConsole.WrapLine
0049c9be FlashFXP.exe cxGraphics       1451  +40 TCustomConsole.AddText
005df7bf FlashFXP.exe FrmMain1         9659  +43 TFrmMain.AddTextStatus
005e1597 FlashFXP.exe FrmMain1        10166 +314 TFrmMain.ConnectToHost
005f7dc7 FlashFXP.exe FrmMain1        17531 +329 TFrmMain.CmdLineConnect
005cd9c2 FlashFXP.exe FrmMain1         2444   +4 TFrmMain.SMConnect
004768e1 FlashFXP.exe Controls         4233  +37 TControl.WndProc
00479116 FlashFXP.exe Controls         5698  +42 TWinControl.WndProc
004699dd FlashFXP.exe Forms            3190 +139 TCustomForm.WndProc
004c449e FlashFXP.exe ThemeMgr          591  +10 TWindowProcList.DispatchMessage
004c4df4 FlashFXP.exe ThemeMgr         1149  +38 TThemeManager.FormWindowProc
004c62f8 FlashFXP.exe ThemeMgr         2056   +2 TThemeManager.PreFormWindowProc
005290ea FlashFXP.exe VistaAltFixUnit   269   +1 TFormObj.WndProc
00478da0 FlashFXP.exe Controls         5571   +3 TWinControl.MainWndProc
00466aac FlashFXP.exe Forms            1484   +8 StdWndProc
7698810d user32.dll                              DispatchMessageA
0046f6a3 FlashFXP.exe Forms            6898  +34 TApplication.ProcessMessage
0046f6da FlashFXP.exe Forms            6936   +1 TApplication.HandleMessage
0046f8fa FlashFXP.exe Forms            7026  +21 TApplication.Run
00624e6c FlashFXP.exe FlashFXP          671 +503 initialization
75453675 kernel32.dll                            BaseThreadInitThunk

thread $ebc:
77251ee6 ntdll.dll     
75453675 kernel32.dll  BaseThreadInitThunk

thread $1748:
77251ee6 ntdll.dll     
75453675 kernel32.dll  BaseThreadInitThunk

thread $1478:
772500fd ntdll.dll     
75453675 kernel32.dll  BaseThreadInitThunk

thread $1308 (TChangeHandlerThread):
772500fd ntdll.dll                                
757a095c KERNELBASE.dll                           WaitForMultipleObjectsEx
75451628 kernel32.dll                             WaitForMultipleObjectsEx
7545191c kernel32.dll                             WaitForMultipleObjects
00507339 FlashFXP.exe   UPTShellControls 4021 +11 TChangeHandlerThread.Execute
0044bcce FlashFXP.exe   madExcept                 HookedTThreadExecute
0041b104 FlashFXP.exe   Classes          6898  +1 ThreadProc
00403f38 FlashFXP.exe   System                    ThreadWrapper
0044bc01 FlashFXP.exe   madExcept                 CallThreadProc
0044bc43 FlashFXP.exe   madExcept                 ThreadExceptFrame
75453675 kernel32.dll                             BaseThreadInitThunk
>> created by main thread ($15bc) at:
00506fff FlashFXP.exe   UPTShellControls 3916  +2 TChangeHandlerThread.Create

thread $1128:
7724fd31 ntdll.dll                
757a2c4a KERNELBASE.dll           SleepEx
757a351b KERNELBASE.dll           Sleep
0044bc01 FlashFXP.exe   madExcept CallThreadProc
0044bc43 FlashFXP.exe   madExcept ThreadExceptFrame
75453675 kernel32.dll             BaseThreadInitThunk
>> created by main thread ($15bc) at:
755b642e ole32.dll                

thread $1348:
77251ee6 ntdll.dll     
75453675 kernel32.dll  BaseThreadInitThunk

thread $14ec:
77251ee6 ntdll.dll     
75453675 kernel32.dll  BaseThreadInitThunk

thread $127c:
77251ee6 ntdll.dll     
75453675 kernel32.dll  BaseThreadInitThunk

thread $1104:
77251ee6 ntdll.dll     
75453675 kernel32.dll  BaseThreadInitThunk

thread $1530:
76987e47 user32.dll             
0044bc01 FlashFXP.exe madExcept CallThreadProc
0044bc43 FlashFXP.exe madExcept ThreadExceptFrame
75453675 kernel32.dll           BaseThreadInitThunk
>> created by thread $ebc at:
768b480b SHLWAPI.dll            

thread $998:
77251ee6 ntdll.dll     
75453675 kernel32.dll  BaseThreadInitThunk

thread $e38:
7724f871 ntdll.dll                
757a0810 KERNELBASE.dll           WaitForSingleObjectEx
7545117f kernel32.dll             WaitForSingleObjectEx
75451133 kernel32.dll             WaitForSingleObject
0044bc01 FlashFXP.exe   madExcept CallThreadProc
0044bc43 FlashFXP.exe   madExcept ThreadExceptFrame
75453675 kernel32.dll             BaseThreadInitThunk
>> created by main thread ($15bc) at:
75554d5c WS2_32.dll               

modules:
00400000 FlashFXP.exe          3.6.0.1240         C:/Program Files (x86)/FlashFXP
04820000 ssleay32.dll          0.9.8.9            C:/Program Files (x86)/FlashFXP
10000000 libeay32.dll          0.9.8.9            C:/Program Files (x86)/FlashFXP
6a460000 ieframe.DLL           8.0.7600.16535     C:/Windows/system32
6da00000 WMVCore.DLL           12.0.7600.16385    C:/Windows/system32
6dc70000 wpdshext.dll          6.1.7600.16385     C:/Windows/system32
6df50000 NetworkExplorer.dll   6.1.7600.16385     C:/Windows/system32
6fcb0000 ntshrui.dll           6.1.7600.16385     C:/Windows/system32
6fd30000 SXS.DLL               6.1.7600.16385     C:/Windows/system32
6fd90000 EhStorShell.dll       6.1.7600.16385     C:/Windows/system32
6fe00000 slc.dll               6.1.7600.16385     C:/Windows/system32
6ff30000 SearchFolder.dll      6.1.7600.16385     C:/Windows/system32
701f0000 SAMLIB.dll            6.1.7600.16385     C:/Windows/system32
70210000 actxprxy.dll          6.1.7600.16385     C:/Windows/SysWOW64
70260000 StructuredQuery.dll   7.0.7600.16385     C:/Windows/System32
702c0000 UIAutomationCore.dll  7.0.0.0            C:/Windows/system32
70350000 xmllite.dll           1.3.1000.0         C:/Windows/system32
70410000 DUI70.dll             6.1.7600.16385     C:/Windows/system32
704d0000 explorerframe.dll     6.1.7600.16385     C:/Windows/system32
70b00000 msls31.dll            3.10.349.0         C:/Windows/system32
70b30000 ieproxy.dll           8.0.7600.16535     C:/Program Files (x86)/Internet Explorer
70b60000 EhStorAPI.dll         6.1.7600.16385     C:/Windows/system32
70b90000 shdocvw.dll           6.1.7600.16385     C:/Windows/System32
70bc0000 DUser.dll             6.1.7600.16385     C:/Windows/system32
70bf0000 thumbcache.dll        6.1.7600.16385     C:/Windows/SysWOW64
70c10000 PortableDeviceApi.dll 6.1.7600.16385     C:/Windows/system32
70ca0000 LINKINFO.dll          6.1.7600.16385     C:/Windows/system32
70cb0000 audiodev.dll          6.1.7600.16385     C:/Windows/system32
70cf0000 WMASF.DLL             12.0.7600.16385    C:/Windows/system32
726b0000 WindowsCodecs.dll     6.1.7600.16385     C:/Windows/system32
72870000 dwmapi.dll            6.1.7600.16385     C:/Windows/system32
72890000 uxtheme.dll           6.1.7600.16385     C:/Windows/system32
729a0000 tiptsf.dll            6.1.7600.16385     C:/Program Files (x86)/Common Files/microsoft shared/ink
72b40000 Secur32.dll           6.1.7600.16385     C:/Windows/System32
72b50000 apphelp.dll           6.1.7600.16385     C:/Windows/system32
72ba0000 rsaenh.dll            6.1.7600.16385     C:/Windows/system32
72be0000 CRYPTSP.dll           6.1.7600.16385     C:/Windows/system32
72c00000 comctl32.dll          6.10.7600.16385    C:/Windows/WinSxS/x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc
72da0000 rasadhlp.dll          6.1.7600.16385     C:/Windows/system32
72db0000 fwpuclnt.dll          6.1.7600.16385     C:/Windows/System32
72df0000 pnrpnsp.dll           6.1.7600.16385     C:/Windows/system32
72e10000 napinsp.dll           6.1.7600.16385     C:/Windows/system32
72e20000 winrnr.dll            6.1.7600.16385     C:/Windows/System32
72e30000 DNSAPI.dll            6.1.7600.16385     C:/Windows/system32
72e80000 NLAapi.dll            6.1.7600.16385     C:/Windows/system32
72ea0000 WINSTA.dll            6.1.7600.16385     C:/Windows/System32
73020000 wsock32.dll           6.1.7600.16385     C:/Windows/system32
73040000 wkscli.dll            6.1.7600.16385     C:/Windows/system32
73050000 srvcli.dll            6.1.7600.16385     C:/Windows/system32
73070000 netutils.dll          6.1.7600.16385     C:/Windows/system32
730b0000 winspool.drv          6.1.7600.16385     C:/Windows/system32
73110000 oleacc.dll            7.0.0.0            C:/Windows/system32
733c0000 mswsock.dll           6.1.7600.16385     C:/Windows/System32
73410000 WINNSI.DLL            6.1.7600.16385     C:/Windows/system32
73420000 IPHLPAPI.DLL          6.1.7600.16385     C:/Windows/system32
73440000 RpcRtRemote.dll       6.1.7600.16385     C:/Windows/system32
73450000 MPR.dll               6.1.7600.16385     C:/Windows/system32
73870000 samcli.dll            6.1.7600.16385     C:/Windows/system32
739c0000 winmm.dll             6.1.7600.16385     C:/Windows/system32
73b40000 cscapi.dll            6.1.7600.16385     C:/Windows/system32
73b50000 DAVHLPR.dll           6.1.7600.16385     C:/Windows/System32
73b60000 davclnt.dll           6.1.7600.16385     C:/Windows/System32
73b80000 ntlanman.dll          6.1.7600.16385     C:/Windows/System32
73ba0000 drprov.dll            6.1.7600.16385     C:/Windows/System32
74320000 gdiplus.dll           6.1.7600.16385     C:/Windows/WinSxS/x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca
744b0000 propsys.dll           7.0.7600.16385     C:/Windows/system32
74730000 ntmarta.dll           6.1.7600.16385     C:/Windows/system32
748e0000 profapi.dll           6.1.7600.16385     C:/Windows/system32
74910000 version.dll           6.1.7600.16385     C:/Windows/system32
74d90000 CRYPTBASE.dll         6.1.7600.16385     C:/Windows/syswow64
74da0000 SspiCli.dll           6.1.7600.16385     C:/Windows/syswow64
74e00000 PSAPI.DLL             6.1.7600.16385     C:/Windows/syswow64
74e10000 CLBCatQ.DLL           2001.12.8530.16385 C:/Windows/syswow64
74fe0000 CFGMGR32.dll          6.1.7600.16385     C:/Windows/syswow64
75010000 comdlg32.dll          6.1.7600.16385     C:/Windows/syswow64
75090000 iertutil.dll          8.0.7600.16385     C:/Windows/syswow64
75290000 MSASN1.dll            6.1.7600.16415     C:/Windows/syswow64
752a0000 SETUPAPI.dll          6.1.7600.16385     C:/Windows/syswow64
75440000 kernel32.dll          6.1.7600.16385     C:/Windows/syswow64
75540000 WS2_32.dll            6.1.7600.16385     C:/Windows/syswow64
75580000 ole32.dll             6.1.7600.16385     C:/Windows/syswow64
756e0000 NSI.dll               6.1.7600.16385     C:/Windows/syswow64
756f0000 ADVAPI32.dll          6.1.7600.16385     C:/Windows/syswow64
75790000 KERNELBASE.dll        6.1.7600.16385     C:/Windows/syswow64
757e0000 shell32.dll           6.1.7600.16385     C:/Windows/syswow64
76430000 USP10.dll             1.626.7600.16385   C:/Windows/syswow64
764d0000 WINTRUST.dll          6.1.7600.16385     C:/Windows/syswow64
76500000 MSCTF.dll             6.1.7600.16385     C:/Windows/syswow64
765d0000 msvcrt.dll            7.0.7600.16385     C:/Windows/syswow64
76680000 GDI32.dll             6.1.7600.16385     C:/Windows/syswow64
76740000 RPCRT4.dll            6.1.7600.16385     C:/Windows/syswow64
76830000 WLDAP32.dll           6.1.7600.16385     C:/Windows/syswow64
76880000 DEVOBJ.dll            6.1.7600.16385     C:/Windows/syswow64
768a0000 SHLWAPI.dll           6.1.7600.16385     C:/Windows/syswow64
76900000 LPK.dll               6.1.7600.16385     C:/Windows/syswow64
76970000 user32.dll            6.1.7600.16385     C:/Windows/syswow64
76b00000 crypt32.dll           6.1.7600.16385     C:/Windows/syswow64
76c20000 sechost.dll           6.1.7600.16385     C:/Windows/SysWOW64
76d40000 IMM32.DLL             6.1.7600.16385     C:/Windows/system32
76da0000 oleaut32.dll          6.1.7600.16385     C:/Windows/syswow64
77230000 ntdll.dll             6.1.7600.16385     C:/Windows/SysWOW64

disassembling:
00405910 public System.DynArraySetLength:  ; function entry point
00405910   push    ebp
00405911   mov     ebp, esp
00405913   add     esp, -$20
00405916   push    ebx
00405917   push    esi
00405918   push    edi
00405919   mov     [ebp-8], ecx
0040591c   mov     esi, edx
0040591e   mov     [ebp-4], eax
00405921   mov     ebx, [ebp-4]
00405924   mov     ebx, [ebx]
00405926   mov     eax, [ebp+8]
00405929   mov     edi, [eax]
0040592b   test    edi, edi
0040592d   jg      loc_405949
0040592f   test    edi, edi
00405931   jge     loc_40593a
00405933   mov     al, 4
00405935   call    -$2e92 ($402aa8)       ; System.Error
0040593a > mov     eax, [ebp-4]
0040593d   mov     edx, esi
0040593f   call    -$3c ($405908)         ; System.DynArrayClear
00405944   jmp     loc_405a91
00405949   xor     eax, eax
0040594b   mov     [ebp-$10], eax
0040594e   test    ebx, ebx
00405950   jz      loc_40595d
00405952   sub     ebx, 4
00405955   mov     eax, [ebx]
00405957   mov     [ebp-$10], eax
0040595a   sub     ebx, 4
0040595d   xor     eax, eax
0040595f   mov     al, [esi+1]
00405962   add     esi, eax
00405964   mov     eax, [esi+2]
00405967   mov     [ebp-$18], eax
0040596a   mov     eax, [esi+6]
0040596d   test    eax, eax
0040596f   jz      loc_405975
00405971   mov     esi, [eax]
[...]



----------

date/time         : 2010-04-12 23:51
computer name     : HOSTBUSTER
user name         : Rem0ve
operating system  : Windows NT New Tablet PC x64 build 7600
system language   : German
system up time    : 6 hours 28 minutes 
program up time   : 1 minute 45 seconds 
processors        : 2x Intel(R) Core(TM)2 Duo CPU     T6600  @ 2.20GHz
physical memory   : 2047/4091 MB (free/total)
free disk space   : (C:) 233,39 GB
display mode      : 1366x768, 32 bit
monitors          : 1
process id        : $1064
allocated memory  : 182,26 MB
executable        : FlashFXP.exe
executable hash   : 370F40D4853967D56580F0699D3958DE
executable size   : 3068360
exec. date/time   : 2008-02-20 10:52
version           : 3.6.0.1240
madExcept version : 2.7k
exception class   : EStringListError
exception message : List index out of bounds (24).

main thread ($950):
00462240 FlashFXP.exe StdCtrls        3254   +2 TListBoxStrings.Get
00478da0 FlashFXP.exe Controls        5571   +3 TWinControl.MainWndProc
00466aac FlashFXP.exe Forms           1484   +8 StdWndProc
004768e1 FlashFXP.exe Controls        4233  +37 TControl.WndProc
00479116 FlashFXP.exe Controls        5698  +42 TWinControl.WndProc
00462e45 FlashFXP.exe StdCtrls        3660  +14 TCustomListBox.WndProc
004c449e FlashFXP.exe ThemeMgr         591  +10 TWindowProcList.DispatchMessage
00478da0 FlashFXP.exe Controls        5571   +3 TWinControl.MainWndProc
00466aac FlashFXP.exe Forms           1484   +8 StdWndProc
00415f71 FlashFXP.exe Classes         3217   +4 TStringList.Grow
004160ab FlashFXP.exe Classes         3247  +13 TStringList.InsertItem
0048c148 FlashFXP.exe IniFiles32       951  +15 TIniFile32.WriteSection
005c60da FlashFXP.exe FilterDlg        330  +13 TFrmFilter.bOkClick
00476a76 FlashFXP.exe Controls        4294   +9 TControl.Click
0046177b FlashFXP.exe StdCtrls        2869   +3 TButton.Click
00461887 FlashFXP.exe StdCtrls        2921   +1 TButton.CNCommand
004768e1 FlashFXP.exe Controls        4233  +37 TControl.WndProc
00479116 FlashFXP.exe Controls        5698  +42 TWinControl.WndProc
004616e7 FlashFXP.exe StdCtrls        2849  +13 TButtonControl.WndProc
004c449e FlashFXP.exe ThemeMgr         591  +10 TWindowProcList.DispatchMessage
004c4ce6 FlashFXP.exe ThemeMgr         924  +61 TThemeManager.ButtonControlWindowProc
004c62e4 FlashFXP.exe ThemeMgr        2030   +2 TThemeManager.PreButtonControlWindowProc
00476710 FlashFXP.exe Controls        4158   +5 TControl.Perform
00479287 FlashFXP.exe Controls        5741   +6 DoControlMsg
0047978b FlashFXP.exe Controls        5917   +1 TWinControl.WMCommand
0046b7e8 FlashFXP.exe Forms           4161   +3 TCustomForm.WMCommand
004768e1 FlashFXP.exe Controls        4233  +37 TControl.WndProc
00479116 FlashFXP.exe Controls        5698  +42 TWinControl.WndProc
004699dd FlashFXP.exe Forms           3190 +139 TCustomForm.WndProc
004c449e FlashFXP.exe ThemeMgr         591  +10 TWindowProcList.DispatchMessage
004c4df4 FlashFXP.exe ThemeMgr        1149  +38 TThemeManager.FormWindowProc
004c62f8 FlashFXP.exe ThemeMgr        2056   +2 TThemeManager.PreFormWindowProc
005290ea FlashFXP.exe VistaAltFixUnit  269   +1 TFormObj.WndProc
00478da0 FlashFXP.exe Controls        5571   +3 TWinControl.MainWndProc
00466aac FlashFXP.exe Forms           1484   +8 StdWndProc
772400e3 ntdll.dll                              KiUserCallbackDispatcher
7698cd7c user32.dll                             SendMessageW
76997b0a user32.dll                             CallWindowProcA
0047920b FlashFXP.exe Controls        5720  +18 TWinControl.DefaultHandler
00476e7c FlashFXP.exe Controls        4441   +1 TControl.WMLButtonUp
004768e1 FlashFXP.exe Controls        4233  +37 TControl.WndProc
00479116 FlashFXP.exe Controls        5698  +42 TWinControl.WndProc
004616e7 FlashFXP.exe StdCtrls        2849  +13 TButtonControl.WndProc
004c449e FlashFXP.exe ThemeMgr         591  +10 TWindowProcList.DispatchMessage
004c4ce6 FlashFXP.exe ThemeMgr         924  +61 TThemeManager.ButtonControlWindowProc
004c62e4 FlashFXP.exe ThemeMgr        2030   +2 TThemeManager.PreButtonControlWindowProc
00478da0 FlashFXP.exe Controls        5571   +3 TWinControl.MainWndProc
00466aac FlashFXP.exe Forms           1484   +8 StdWndProc
7698810d user32.dll                             DispatchMessageA
0046f6a3 FlashFXP.exe Forms           6898  +34 TApplication.ProcessMessage
0046f6da FlashFXP.exe Forms           6936   +1 TApplication.HandleMessage
0046f8fa FlashFXP.exe Forms           7026  +21 TApplication.Run
00624e6c FlashFXP.exe FlashFXP         671 +503 initialization
75453675 kernel32.dll                           BaseThreadInitThunk

thread $9b8:
772500fd ntdll.dll     
75453675 kernel32.dll  BaseThreadInitThunk

thread $1484 (TChangeHandlerThread):
772500fd ntdll.dll                                
757a095c KERNELBASE.dll                           WaitForMultipleObjectsEx
75451628 kernel32.dll                             WaitForMultipleObjectsEx
7545191c kernel32.dll                             WaitForMultipleObjects
00507339 FlashFXP.exe   UPTShellControls 4021 +11 TChangeHandlerThread.Execute
0044bcce FlashFXP.exe   madExcept                 HookedTThreadExecute
0041b104 FlashFXP.exe   Classes          6898  +1 ThreadProc
00403f38 FlashFXP.exe   System                    ThreadWrapper
0044bc01 FlashFXP.exe   madExcept                 CallThreadProc
0044bc43 FlashFXP.exe   madExcept                 ThreadExceptFrame
75453675 kernel32.dll                             BaseThreadInitThunk
>> created by main thread ($950) at:
00506fff FlashFXP.exe   UPTShellControls 3916  +2 TChangeHandlerThread.Create

thread $1148:
7724fd31 ntdll.dll                
757a2c4a KERNELBASE.dll           SleepEx
757a351b KERNELBASE.dll           Sleep
0044bc01 FlashFXP.exe   madExcept CallThreadProc
0044bc43 FlashFXP.exe   madExcept ThreadExceptFrame
75453675 kernel32.dll             BaseThreadInitThunk
>> created by thread $12c4 at:
755b642e ole32.dll                

thread $3ec:
77251ee6 ntdll.dll     
75453675 kernel32.dll  BaseThreadInitThunk

thread $1510:
77251ee6 ntdll.dll     
75453675 kernel32.dll  BaseThreadInitThunk

thread $1268:
76987e47 user32.dll             
0044bc01 FlashFXP.exe madExcept CallThreadProc
0044bc43 FlashFXP.exe madExcept ThreadExceptFrame
75453675 kernel32.dll           BaseThreadInitThunk
>> created by thread $1644 at:
768b480b SHLWAPI.dll            

modules:
00400000 FlashFXP.exe          3.6.0.1240         C:/Program Files (x86)/FlashFXP
03a60000 ssleay32.dll          0.9.8.9            C:/Program Files (x86)/FlashFXP
10000000 libeay32.dll          0.9.8.9            C:/Program Files (x86)/FlashFXP
641d0000 wpdshext.dll          6.1.7600.16385     C:/Windows/system32
66960000 EhStorAPI.dll         6.1.7600.16385     C:/Windows/system32
66990000 PortableDeviceApi.dll 6.1.7600.16385     C:/Windows/system32
66a20000 SearchFolder.dll      6.1.7600.16385     C:/Windows/system32
66ac0000 ieproxy.dll           8.0.7600.16535     C:/Program Files (x86)/Internet Explorer
6aae0000 NetworkExplorer.dll   6.1.7600.16385     C:/Windows/system32
6ac90000 actxprxy.dll          6.1.7600.16385     C:/Windows/SysWOW64
6ace0000 StructuredQuery.dll   7.0.7600.16385     C:/Windows/System32
6afc0000 LINKINFO.dll          6.1.7600.16385     C:/Windows/system32
6afd0000 xmllite.dll           1.3.1000.0         C:/Windows/system32
6b1c0000 UIAutomationCore.dll  7.0.0.0            C:/Windows/system32
6b250000 msls31.dll            3.10.349.0         C:/Windows/system32
6cb30000 thumbcache.dll        6.1.7600.16385     C:/Windows/SysWOW64
6cd80000 WMASF.DLL             12.0.7600.16385    C:/Windows/system32
6cdc0000 WMVCore.DLL           12.0.7600.16385    C:/Windows/system32
6d190000 SAMLIB.dll            6.1.7600.16385     C:/Windows/system32
6d630000 ieframe.DLL           8.0.7600.16535     C:/Windows/system32
6e1c0000 audiodev.dll          6.1.7600.16385     C:/Windows/system32
6f7a0000 shdocvw.dll           6.1.7600.16385     C:/Windows/System32
6f8a0000 DUI70.dll             6.1.7600.16385     C:/Windows/system32
6f960000 explorerframe.dll     6.1.7600.16385     C:/Windows/system32
6fcb0000 ntshrui.dll           6.1.7600.16385     C:/Windows/system32
6fd30000 SXS.DLL               6.1.7600.16385     C:/Windows/system32
6fd90000 EhStorShell.dll       6.1.7600.16385     C:/Windows/system32
6fdd0000 DUser.dll             6.1.7600.16385     C:/Windows/system32
6fe00000 slc.dll               6.1.7600.16385     C:/Windows/system32
726b0000 WindowsCodecs.dll     6.1.7600.16385     C:/Windows/system32
72870000 dwmapi.dll            6.1.7600.16385     C:/Windows/system32
72890000 uxtheme.dll           6.1.7600.16385     C:/Windows/system32
729a0000 tiptsf.dll            6.1.7600.16385     C:/Program Files (x86)/Common Files/microsoft shared/ink
72b40000 Secur32.dll           6.1.7600.16385     C:/Windows/System32
72b50000 apphelp.dll           6.1.7600.16385     C:/Windows/system32
72ba0000 rsaenh.dll            6.1.7600.16385     C:/Windows/system32
72be0000 CRYPTSP.dll           6.1.7600.16385     C:/Windows/system32
72c00000 comctl32.dll          6.10.7600.16385    C:/Windows/WinSxS/x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc
72ea0000 WINSTA.dll            6.1.7600.16385     C:/Windows/System32
73020000 wsock32.dll           6.1.7600.16385     C:/Windows/system32
73040000 wkscli.dll            6.1.7600.16385     C:/Windows/system32
73050000 srvcli.dll            6.1.7600.16385     C:/Windows/system32
73070000 netutils.dll          6.1.7600.16385     C:/Windows/system32
730b0000 winspool.drv          6.1.7600.16385     C:/Windows/system32
73110000 oleacc.dll            7.0.0.0            C:/Windows/system32
73440000 RpcRtRemote.dll       6.1.7600.16385     C:/Windows/system32
73450000 MPR.dll               6.1.7600.16385     C:/Windows/system32
73870000 samcli.dll            6.1.7600.16385     C:/Windows/system32
739c0000 winmm.dll             6.1.7600.16385     C:/Windows/system32
73b40000 cscapi.dll            6.1.7600.16385     C:/Windows/system32
73b50000 DAVHLPR.dll           6.1.7600.16385     C:/Windows/System32
73b60000 davclnt.dll           6.1.7600.16385     C:/Windows/System32
73b80000 ntlanman.dll          6.1.7600.16385     C:/Windows/System32
73ba0000 drprov.dll            6.1.7600.16385     C:/Windows/System32
74320000 gdiplus.dll           6.1.7600.16385     C:/Windows/WinSxS/x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca
744b0000 propsys.dll           7.0.7600.16385     C:/Windows/system32
74730000 ntmarta.dll           6.1.7600.16385     C:/Windows/system32
748e0000 profapi.dll           6.1.7600.16385     C:/Windows/system32
74910000 version.dll           6.1.7600.16385     C:/Windows/system32
74d90000 CRYPTBASE.dll         6.1.7600.16385     C:/Windows/syswow64
74da0000 SspiCli.dll           6.1.7600.16385     C:/Windows/syswow64
74e00000 PSAPI.DLL             6.1.7600.16385     C:/Windows/syswow64
74e10000 CLBCatQ.DLL           2001.12.8530.16385 C:/Windows/syswow64
74fe0000 CFGMGR32.dll          6.1.7600.16385     C:/Windows/syswow64
75010000 comdlg32.dll          6.1.7600.16385     C:/Windows/syswow64
75090000 iertutil.dll          8.0.7600.16385     C:/Windows/syswow64
75290000 MSASN1.dll            6.1.7600.16415     C:/Windows/syswow64
752a0000 SETUPAPI.dll          6.1.7600.16385     C:/Windows/syswow64
75440000 kernel32.dll          6.1.7600.16385     C:/Windows/syswow64
75540000 WS2_32.dll            6.1.7600.16385     C:/Windows/syswow64
75580000 ole32.dll             6.1.7600.16385     C:/Windows/syswow64
756e0000 NSI.dll               6.1.7600.16385     C:/Windows/syswow64
756f0000 ADVAPI32.dll          6.1.7600.16385     C:/Windows/syswow64
75790000 KERNELBASE.dll        6.1.7600.16385     C:/Windows/syswow64
757e0000 shell32.dll           6.1.7600.16385     C:/Windows/syswow64
76430000 USP10.dll             1.626.7600.16385   C:/Windows/syswow64
764d0000 WINTRUST.dll          6.1.7600.16385     C:/Windows/syswow64
76500000 MSCTF.dll             6.1.7600.16385     C:/Windows/syswow64
765d0000 msvcrt.dll            7.0.7600.16385     C:/Windows/syswow64
76680000 GDI32.dll             6.1.7600.16385     C:/Windows/syswow64
76740000 RPCRT4.dll            6.1.7600.16385     C:/Windows/syswow64
76830000 WLDAP32.dll           6.1.7600.16385     C:/Windows/syswow64
76880000 DEVOBJ.dll            6.1.7600.16385     C:/Windows/syswow64
768a0000 SHLWAPI.dll           6.1.7600.16385     C:/Windows/syswow64
76900000 LPK.dll               6.1.7600.16385     C:/Windows/syswow64
76970000 user32.dll            6.1.7600.16385     C:/Windows/syswow64
76b00000 crypt32.dll           6.1.7600.16385     C:/Windows/syswow64
76c20000 sechost.dll           6.1.7600.16385     C:/Windows/SysWOW64
76d40000 IMM32.DLL             6.1.7600.16385     C:/Windows/system32
76da0000 oleaut32.dll          6.1.7600.16385     C:/Windows/syswow64
77230000 ntdll.dll             6.1.7600.16385     C:/Windows/SysWOW64

disassembling:
[...]
004621fa        push    $46226e                ; System.@HandleFinally
004621ff        push    dword ptr fs:[eax]
00462202        mov     fs:[eax], esp
00462205 3253   lea     eax, [ebp-$1004]
0046220b        push    eax
0046220c        push    edi
0046220d        push    $189
00462212        mov     eax, [esi+$c]
00462215        call    +$192f2 ($47b50c)      ; Controls.TWinControl.GetHandle
0046221a        push    eax
0046221b        call    -$5a5b8 ($407c68)      ; Windows.SendMessage
00462220        mov     ebx, eax
00462222 3254   test    ebx, ebx
00462224        jge     loc_462245
00462226        lea     edx, [ebp-$1008]
0046222c        mov     eax, [$637a30]
00462231        call    -$5c24a ($405fec)      ; System.LoadResString
00462236        mov     edx, [ebp-$1008]
0046223c        mov     ecx, edi
0046223e        mov     eax, esi
00462240      > call    -$4d3fd ($414e48)      ; Classes.TStrings.Error
00462245 3255   lea     edx, [ebp-$1004]
0046224b        mov     eax, [ebp-4]
0046224e        mov     ecx, ebx
00462250        call    -$5e1dd ($404078)      ; System.@LStrFromPCharLen
00462255        xor     eax, eax
00462257        pop     edx
00462258        pop     ecx
00462259        pop     ecx
0046225a        mov     fs:[eax], edx
0046225d        push    $462275
00462262        lea     eax, [ebp-$1008]
00462268        call    -$5e2d9 ($403f94)      ; System.@LStrClr
0046226d        ret
0046226e        jmp     -$5e923 ($403950)      ; System.@HandleFinally
00462273        jmp     loc_462262
00462275 3256   pop     edi
00462276        pop     esi
00462277        pop     ebx
00462278        mov     esp, ebp
0046227a        pop     ebp
[...]



------

date/time         : 2010-04-12 23:33
computer name     : HOSTBUSTER
user name         : Rem0ve
operating system  : Windows NT New Tablet PC x64 build 7600
system language   : German
system up time    : 6 hours 10 minutes 
program up time   : 1 minute 
processors        : 2x Intel(R) Core(TM)2 Duo CPU     T6600  @ 2.20GHz
physical memory   : 2041/4091 MB (free/total)
free disk space   : (C:) 233,38 GB
display mode      : 1366x768, 32 bit
monitors          : 1
process id        : $d00
allocated memory  : 49,27 MB
executable        : FlashFXP.exe
executable hash   : 370F40D4853967D56580F0699D3958DE
executable size   : 3068360
exec. date/time   : 2008-02-20 10:52
version           : 3.6.0.1240
madExcept version : 2.7k
exception class   : EStringListError
exception message : List index out of bounds (0).

main thread ($12bc):
00462240 FlashFXP.exe StdCtrls  3254   +2 TListBoxStrings.Get
004768e1 FlashFXP.exe Controls  4233  +37 TControl.WndProc
00479116 FlashFXP.exe Controls  5698  +42 TWinControl.WndProc
004b87e0 FlashFXP.exe ComCtrls 12780  +13 TCustomListView.WndProc
004c449e FlashFXP.exe ThemeMgr   591  +10 TWindowProcList.DispatchMessage
004c5197 FlashFXP.exe ThemeMgr  1344  +18 TThemeManager.ListviewWindowProc
004c6320 FlashFXP.exe ThemeMgr  2093   +2 TThemeManager.PreListviewWindowProc
00476710 FlashFXP.exe Controls  4158   +5 TControl.Perform
00479287 FlashFXP.exe Controls  5741   +6 DoControlMsg
004797ad FlashFXP.exe Controls  5922   +1 TWinControl.WMNotify
004768e1 FlashFXP.exe Controls  4233  +37 TControl.WndProc
00479116 FlashFXP.exe Controls  5698  +42 TWinControl.WndProc
004c449e FlashFXP.exe ThemeMgr   591  +10 TWindowProcList.DispatchMessage
004c5892 FlashFXP.exe ThemeMgr  1566  +57 TThemeManager.PanelWindowProc
004c6334 FlashFXP.exe ThemeMgr  2104   +2 TThemeManager.PrePanelWindowProc
00478da0 FlashFXP.exe Controls  5571   +3 TWinControl.MainWndProc
00466aac FlashFXP.exe Forms     1484   +8 StdWndProc
772400e3 ntdll.dll                        KiUserCallbackDispatcher
7698cd7c user32.dll                       SendMessageW
0047bcd7 FlashFXP.exe Controls  7500  +20 DoCalcConstraints
004768e1 FlashFXP.exe Controls  4233  +37 TControl.WndProc
00479116 FlashFXP.exe Controls  5698  +42 TWinControl.WndProc
00466aac FlashFXP.exe Forms     1484   +8 StdWndProc
004768e1 FlashFXP.exe Controls  4233  +37 TControl.WndProc
00479116 FlashFXP.exe Controls  5698  +42 TWinControl.WndProc
004c449e FlashFXP.exe ThemeMgr   591  +10 TWindowProcList.DispatchMessage
004c5892 FlashFXP.exe ThemeMgr  1566  +57 TThemeManager.PanelWindowProc
004c449e FlashFXP.exe ThemeMgr   591  +10 TWindowProcList.DispatchMessage
00478da0 FlashFXP.exe Controls  5571   +3 TWinControl.MainWndProc
00466aac FlashFXP.exe Forms     1484   +8 StdWndProc
772400e3 ntdll.dll                        KiUserCallbackDispatcher
769aef3b user32.dll                       SendMessageA
004621d0 FlashFXP.exe StdCtrls  3245   +1 TListBoxStrings.GetCount
00414fb1 FlashFXP.exe Classes   2777   +2 TStrings.GetCommaText
005b3975 FlashFXP.exe FrmVD1     176  +10 TFrmVD.bOk2Click
00476a76 FlashFXP.exe Controls  4294   +9 TControl.Click
0046177b FlashFXP.exe StdCtrls  2869   +3 TButton.Click
00461887 FlashFXP.exe StdCtrls  2921   +1 TButton.CNCommand
004768e1 FlashFXP.exe Controls  4233  +37 TControl.WndProc
00479116 FlashFXP.exe Controls  5698  +42 TWinControl.WndProc
004616e7 FlashFXP.exe StdCtrls  2849  +13 TButtonControl.WndProc
004c449e FlashFXP.exe ThemeMgr   591  +10 TWindowProcList.DispatchMessage
004c4ce6 FlashFXP.exe ThemeMgr   924  +61 TThemeManager.ButtonControlWindowProc
004c62e4 FlashFXP.exe ThemeMgr  2030   +2 TThemeManager.PreButtonControlWindowProc
00476710 FlashFXP.exe Controls  4158   +5 TControl.Perform
00479287 FlashFXP.exe Controls  5741   +6 DoControlMsg
0047978b FlashFXP.exe Controls  5917   +1 TWinControl.WMCommand
004768e1 FlashFXP.exe Controls  4233  +37 TControl.WndProc
00479116 FlashFXP.exe Controls  5698  +42 TWinControl.WndProc
004c449e FlashFXP.exe ThemeMgr   591  +10 TWindowProcList.DispatchMessage
004c5892 FlashFXP.exe ThemeMgr  1566  +57 TThemeManager.PanelWindowProc
004c6334 FlashFXP.exe ThemeMgr  2104   +2 TThemeManager.PrePanelWindowProc
00478da0 FlashFXP.exe Controls  5571   +3 TWinControl.MainWndProc
00466aac FlashFXP.exe Forms     1484   +8 StdWndProc
772400e3 ntdll.dll                        KiUserCallbackDispatcher
7698cd7c user32.dll                       SendMessageW
76997b0a user32.dll                       CallWindowProcA
0047920b FlashFXP.exe Controls  5720  +18 TWinControl.DefaultHandler
00476e7c FlashFXP.exe Controls  4441   +1 TControl.WMLButtonUp
004768e1 FlashFXP.exe Controls  4233  +37 TControl.WndProc
00479116 FlashFXP.exe Controls  5698  +42 TWinControl.WndProc
004616e7 FlashFXP.exe StdCtrls  2849  +13 TButtonControl.WndProc
004c449e FlashFXP.exe ThemeMgr   591  +10 TWindowProcList.DispatchMessage
004c4ce6 FlashFXP.exe ThemeMgr   924  +61 TThemeManager.ButtonControlWindowProc
004c62e4 FlashFXP.exe ThemeMgr  2030   +2 TThemeManager.PreButtonControlWindowProc
00478da0 FlashFXP.exe Controls  5571   +3 TWinControl.MainWndProc
00466aac FlashFXP.exe Forms     1484   +8 StdWndProc
7698810d user32.dll                       DispatchMessageA
0046f6a3 FlashFXP.exe Forms     6898  +34 TApplication.ProcessMessage
0046f6da FlashFXP.exe Forms     6936   +1 TApplication.HandleMessage
0046f8fa FlashFXP.exe Forms     7026  +21 TApplication.Run
00624e6c FlashFXP.exe FlashFXP   671 +503 initialization
75453675 kernel32.dll                     BaseThreadInitThunk

thread $13a8:
77251ee6 ntdll.dll     
75453675 kernel32.dll  BaseThreadInitThunk

thread $660:
77251ee6 ntdll.dll     
75453675 kernel32.dll  BaseThreadInitThunk

thread $1420:
77251ee6 ntdll.dll     
75453675 kernel32.dll  BaseThreadInitThunk

thread $1554:
772500fd ntdll.dll     
75453675 kernel32.dll  BaseThreadInitThunk

thread $1518 (TChangeHandlerThread):
772500fd ntdll.dll                                
757a095c KERNELBASE.dll                           WaitForMultipleObjectsEx
75451628 kernel32.dll                             WaitForMultipleObjectsEx
7545191c kernel32.dll                             WaitForMultipleObjects
00507339 FlashFXP.exe   UPTShellControls 4021 +11 TChangeHandlerThread.Execute
0044bcce FlashFXP.exe   madExcept                 HookedTThreadExecute
0041b104 FlashFXP.exe   Classes          6898  +1 ThreadProc
00403f38 FlashFXP.exe   System                    ThreadWrapper
0044bc01 FlashFXP.exe   madExcept                 CallThreadProc
0044bc43 FlashFXP.exe   madExcept                 ThreadExceptFrame
75453675 kernel32.dll                             BaseThreadInitThunk
>> created by main thread ($12bc) at:
00506fff FlashFXP.exe   UPTShellControls 3916  +2 TChangeHandlerThread.Create

thread $1660:
77251ee6 ntdll.dll     
75453675 kernel32.dll  BaseThreadInitThunk

modules:
00400000 FlashFXP.exe          3.6.0.1240         C:/Program Files (x86)/FlashFXP
03570000 ssleay32.dll          0.9.8.9            C:/Program Files (x86)/FlashFXP
10000000 libeay32.dll          0.9.8.9            C:/Program Files (x86)/FlashFXP
641d0000 wpdshext.dll          6.1.7600.16385     C:/Windows/system32
66960000 EhStorAPI.dll         6.1.7600.16385     C:/Windows/system32
66990000 PortableDeviceApi.dll 6.1.7600.16385     C:/Windows/system32
6cd80000 WMASF.DLL             12.0.7600.16385    C:/Windows/system32
6cdc0000 WMVCore.DLL           12.0.7600.16385    C:/Windows/system32
6e180000 audiodev.dll          6.1.7600.16385     C:/Windows/system32
6f7a0000 shdocvw.dll           6.1.7600.16385     C:/Windows/System32
6fcb0000 ntshrui.dll           6.1.7600.16385     C:/Windows/system32
6fd90000 EhStorShell.dll       6.1.7600.16385     C:/Windows/system32
6fe00000 slc.dll               6.1.7600.16385     C:/Windows/system32
726b0000 WindowsCodecs.dll     6.1.7600.16385     C:/Windows/system32
72870000 dwmapi.dll            6.1.7600.16385     C:/Windows/system32
72890000 uxtheme.dll           6.1.7600.16385     C:/Windows/system32
729a0000 tiptsf.dll            6.1.7600.16385     C:/Program Files (x86)/Common Files/microsoft shared/ink
72b50000 apphelp.dll           6.1.7600.16385     C:/Windows/system32
72c00000 comctl32.dll          6.10.7600.16385    C:/Windows/WinSxS/x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc
72ea0000 WINSTA.dll            6.1.7600.16385     C:/Windows/System32
73020000 wsock32.dll           6.1.7600.16385     C:/Windows/system32
73040000 wkscli.dll            6.1.7600.16385     C:/Windows/system32
73050000 srvcli.dll            6.1.7600.16385     C:/Windows/system32
73070000 netutils.dll          6.1.7600.16385     C:/Windows/system32
730b0000 winspool.drv          6.1.7600.16385     C:/Windows/system32
73110000 oleacc.dll            7.0.0.0            C:/Windows/system32
73450000 MPR.dll               6.1.7600.16385     C:/Windows/system32
739c0000 winmm.dll             6.1.7600.16385     C:/Windows/system32
73b40000 cscapi.dll            6.1.7600.16385     C:/Windows/system32
73b50000 DAVHLPR.dll           6.1.7600.16385     C:/Windows/System32
73b60000 davclnt.dll           6.1.7600.16385     C:/Windows/System32
73b80000 ntlanman.dll          6.1.7600.16385     C:/Windows/System32
73ba0000 drprov.dll            6.1.7600.16385     C:/Windows/System32
74320000 gdiplus.dll           6.1.7600.16385     C:/Windows/WinSxS/x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca
744b0000 propsys.dll           7.0.7600.16385     C:/Windows/system32
74730000 ntmarta.dll           6.1.7600.16385     C:/Windows/system32
748e0000 profapi.dll           6.1.7600.16385     C:/Windows/system32
74910000 version.dll           6.1.7600.16385     C:/Windows/system32
74d90000 CRYPTBASE.dll         6.1.7600.16385     C:/Windows/syswow64
74da0000 SspiCli.dll           6.1.7600.16385     C:/Windows/syswow64
74e10000 CLBCatQ.DLL           2001.12.8530.16385 C:/Windows/syswow64
74fe0000 CFGMGR32.dll          6.1.7600.16385     C:/Windows/syswow64
75010000 comdlg32.dll          6.1.7600.16385     C:/Windows/syswow64
75290000 MSASN1.dll            6.1.7600.16415     C:/Windows/syswow64
752a0000 SETUPAPI.dll          6.1.7600.16385     C:/Windows/syswow64
75440000 kernel32.dll          6.1.7600.16385     C:/Windows/syswow64
75540000 WS2_32.dll            6.1.7600.16385     C:/Windows/syswow64
75580000 ole32.dll             6.1.7600.16385     C:/Windows/syswow64
756e0000 NSI.dll               6.1.7600.16385     C:/Windows/syswow64
756f0000 ADVAPI32.dll          6.1.7600.16385     C:/Windows/syswow64
75790000 KERNELBASE.dll        6.1.7600.16385     C:/Windows/syswow64
757e0000 shell32.dll           6.1.7600.16385     C:/Windows/syswow64
76430000 USP10.dll             1.626.7600.16385   C:/Windows/syswow64
764d0000 WINTRUST.dll          6.1.7600.16385     C:/Windows/syswow64
76500000 MSCTF.dll             6.1.7600.16385     C:/Windows/syswow64
765d0000 msvcrt.dll            7.0.7600.16385     C:/Windows/syswow64
76680000 GDI32.dll             6.1.7600.16385     C:/Windows/syswow64
76740000 RPCRT4.dll            6.1.7600.16385     C:/Windows/syswow64
76830000 WLDAP32.dll           6.1.7600.16385     C:/Windows/syswow64
76880000 DEVOBJ.dll            6.1.7600.16385     C:/Windows/syswow64
768a0000 SHLWAPI.dll           6.1.7600.16385     C:/Windows/syswow64
76900000 LPK.dll               6.1.7600.16385     C:/Windows/syswow64
76970000 user32.dll            6.1.7600.16385     C:/Windows/syswow64
76b00000 crypt32.dll           6.1.7600.16385     C:/Windows/syswow64
76c20000 sechost.dll           6.1.7600.16385     C:/Windows/SysWOW64
76d40000 IMM32.DLL             6.1.7600.16385     C:/Windows/system32
76da0000 oleaut32.dll          6.1.7600.16385     C:/Windows/syswow64
77230000 ntdll.dll             6.1.7600.16385     C:/Windows/SysWOW64

disassembling:
[...]
004621fa        push    $46226e                ; System.@HandleFinally
004621ff        push    dword ptr fs:[eax]
00462202        mov     fs:[eax], esp
00462205 3253   lea     eax, [ebp-$1004]
0046220b        push    eax
0046220c        push    edi
0046220d        push    $189
00462212        mov     eax, [esi+$c]
00462215        call    +$192f2 ($47b50c)      ; Controls.TWinControl.GetHandle
0046221a        push    eax
0046221b        call    -$5a5b8 ($407c68)      ; Windows.SendMessage
00462220        mov     ebx, eax
00462222 3254   test    ebx, ebx
00462224        jge     loc_462245
00462226        lea     edx, [ebp-$1008]
0046222c        mov     eax, [$637a30]
00462231        call    -$5c24a ($405fec)      ; System.LoadResString
00462236        mov     edx, [ebp-$1008]
0046223c        mov     ecx, edi
0046223e        mov     eax, esi
00462240      > call    -$4d3fd ($414e48)      ; Classes.TStrings.Error
00462245 3255   lea     edx, [ebp-$1004]
0046224b        mov     eax, [ebp-4]
0046224e        mov     ecx, ebx
00462250        call    -$5e1dd ($404078)      ; System.@LStrFromPCharLen
00462255        xor     eax, eax
00462257        pop     edx
00462258        pop     ecx
00462259        pop     ecx
0046225a        mov     fs:[eax], edx
0046225d        push    $462275
00462262        lea     eax, [ebp-$1008]
00462268        call    -$5e2d9 ($403f94)      ; System.@LStrClr
0046226d        ret
0046226e        jmp     -$5e923 ($403950)      ; System.@HandleFinally
00462273        jmp     loc_462262
00462275 3256   pop     edi
00462276        pop     esi
00462277        pop     ebx
00462278        mov     esp, ebp
0046227a        pop     ebp
[...]

-----


Analysis Picture(s):
			../Analyses/bugreport.txt
			../Analyses/bugreport2.txt
			../Analyses/bugreport3.txt


Picture(s):
			../1.png
			../2.png


Proof of Concept (PoC):
=======================
This vulnerabilities can be exploited by local attackers to crash/stop the software ...
The problem can be reproduced over the import function of flashfxp as .dat extension.

Example Insertion:

[Default Sites Web Browsers Opera]
IP=[String].com           // <= Include Over-Sized Url on [String] 
Port=21
User=anonymous
anonymous=1
Options=300333300003300110300001000
Created=38187.2293877083
Pass=
Path=/pub/opera/


References:

				../PoC/Sites.dat


Reproduce the other crash ...

1. Options => File Associations
2. Add => File Mask (*.*)
3. Include over-sized String & switch down + choose the empty field what is now included hidden
4. Check on Viewing & Editing & klick "Ok"
5. Feel free and get stable crashed ^^




Security Risk:
==============
A local attacker is able to crash the software with different critical software errors & exceptions.
The security risk of the vulnerability is estimated as medium.



Credits & Authors:
==================
Vulnerability Research Laboratory


Disclaimer & Information:
=========================
The information provided in this advisory is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties, 
either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-
Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business 
profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some 
states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation 
may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases 
or trade with fraud/stolen material.

Domains:    www.vulnerability-lab.com   	- www.vuln-lab.com			       - www.vulnerability-lab.com/register
Contact:    admin@vulnerability-lab.com 	- support@vulnerability-lab.com 	       - research@vulnerability-lab.com
Section:    video.vulnerability-lab.com 	- forum.vulnerability-lab.com 		       - news.vulnerability-lab.com
Social:	    twitter.com/#!/vuln_lab 		- facebook.com/VulnerabilityLab 	       - youtube.com/user/vulnerability0lab
Feeds:	    vulnerability-lab.com/rss/rss.php	- vulnerability-lab.com/rss/rss_upcoming.php   - vulnerability-lab.com/rss/rss_news.php

Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. 
Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other 
media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, sourcecode, videos and 
other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), 
modify, use or edit our material contact (admin@vulnerability-lab.com or support@vulnerability-lab.com) to get a permission.

    				   	Copyright © 2012 | Vulnerability Laboratory